Cyber Resilience

CVE-2023-24955

HighCISA KEVActive ExploitationEUVD ExploitedRansomware-linkedRCE

Published: 09 May 2023

Published
09 May 2023
Modified
28 October 2025
KEV Added
26 March 2024
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9179 99.7th percentile
Risk Priority 89 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-24955 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 7.2 (High).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

Microsoft SharePoint Server contains a remote code execution vulnerability tracked as CVE-2023-24955 and assigned CWE-94. The flaw permits an attacker to inject and execute arbitrary code on affected SharePoint installations. It carries a CVSS 3.1 base score of 7.2 reflecting network attack vector, low complexity, and the requirement for high privileges.

An authenticated user with administrative rights can send a crafted request over the network to achieve full code execution, resulting in complete compromise of confidentiality, integrity, and availability on the SharePoint server. No user interaction is required and the attack does not cross trust boundaries.

Microsoft’s advisory at msrc.microsoft.com directs administrators to apply the security update released for supported SharePoint Server versions. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, indicating that federal agencies must remediate according to the published deadlines.

The vulnerability maintains a high EPSS score of 0.9179, consistent with observed in-the-wild exploitation activity.

EU & UK References

Vulnerability details

Microsoft SharePoint Server Remote Code Execution Vulnerability

CWE(s)
KEV Date Added
26 March 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
sharepoint enterprise server
2016
microsoft
sharepoint server
2019, all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the vendor patch that eliminates the RCE flaw in SharePoint Server.

prevent

Limits the number of accounts granted the high privileges required to trigger the authenticated code-execution path.

prevent

Enforces access-control decisions that block unauthorized or unintended code paths even for authenticated SharePoint users.

References